Configuring AE Services to access an enterprise directory

Last Updated: Dec 08, 2021

About this task

Configure AE Services to access the enterprise directory for a TSAPI, JTAPI, or DMCC application that authenticates to an external LDAP server.

Before you begin

  • To use the enterprise directory to access the AE Services management console, you need the following:

    • A Portable Operating System Interface (POSIX) account for Role-Based Access Control (RBAC).

    • A certificate generated using StartTLS or LDAPS to connect to your enterprise directory for authentication purposes.

    • The FQDN of the host enterprise directory.

    Note:

    An unencrypted LDAP connection is no longer supported.

  • Import the CA certificates used to sign the enterprise directory server identity certificate into the AE Services server.

Procedure

  1. On the AE Services management console, go to Security > Enterprise Directory.
  2. On the Enterprise Directory Configuration page, in User DN for Query Authentication, type the distinguished name (DN) for the user object that AE Services uses to access an external or enterprise directory.

    The user object can be a full user name, a display name, a user login, an application name, or a domain component.

    For example, you can type:

    cn=John Doe,cn=Users,dc=mycompany,dc=example,dc=com

    where cn stands for common name, ou stands for organizational unit, and dc stands for domain component.

  3. In Password, type the password for the enterprise directory server.
  4. In Confirm Password, retype the password.
  5. In Base Search DN, type the LDAP string to indicate where to start the search.
  6. In Host FQDN, type the FQDN of the enterprise directory server.
  7. (Optional) If your configuration supports a failover server for the enterprise directory server, in Secondary HostName/IP Address, type the IP address of the failover server.
  8. In User ID Attribute Name, type one of the following:
    • uid (Default): For the AE Services User Management database

    • samaccountname: For Microsoft Active Directory

    • uid: For IBM Lotus Domino

  9. In Port, type the port number for enterprise directory access.

    The default port number is 636.

  10. In Secondary Port, type the failover server port number for the enterprise directory server.
  11. In Change Password URL, type the URL of the server that manages password change.
  12. Ensure that the LDAP-S option is selected and is read-only.
  13. Click Apply Changes.
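
Example (added here, not Avaya code): a pre-flight check for the values typed into Host FQDN, Port, and User ID Attribute Name, plus a TLS probe that succeeds only if the server certificate chains to the CA file you imported and matches the FQDN. The host name, the function names, and the assumption that user lookup uses a filter of the form (attribute=user ID) are illustrative and are not taken from AE Services.

```python
import ipaddress
import re
import socket
import ssl

# Constructed sample values for three fields of the Enterprise Directory page.
SAMPLE = {
    "host_fqdn": "ldap.mycompany.example.com",  # hypothetical host name
    "port": 636,
    "user_id_attr": "samaccountname",
}


def check_settings(s):
    """Return a list of problems in the form values (an empty list means OK)."""
    problems = []
    try:
        ipaddress.ip_address(s["host_fqdn"])
        problems.append("host_fqdn: IP literal, the page asks for an FQDN")
    except ValueError:
        if "." not in s["host_fqdn"].strip("."):
            problems.append("host_fqdn: short name, not an FQDN")
    if s["port"] == 389:
        problems.append("port: 389 is the conventional cleartext LDAP port")
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", s["user_id_attr"]):
        problems.append("user_id_attr: not a valid LDAP attribute name")
    return problems


def user_filter(attr, user_id):
    """Build (attr=user_id) with RFC 4515 escaping so the ID cannot alter the filter."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "({}={})".format(attr, "".join(esc.get(c, c) for c in user_id))


def probe_ldaps(host, port, cafile):
    """TLS handshake that fails unless the cert chains to cafile and matches host."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Run probe_ldaps with the same CA file you import into the AE Services server; an ssl.SSLCertVerificationError means the chain or the name in Host FQDN does not match the server certificate.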